Guides

Data governance guide

Global CDN Data Residency and Sovereignty Guide

An edge footprint is only one part of the data position. Map cache, logs, security telemetry, keys, support access, and exports before relying on a residency claim.

Published
Updated
Reading time
14 min read
On this page

“EU-hosted” is not a complete answer to privacy, security, or sovereignty questions. A CDN can process requests near users while control-plane access, TLS termination, logs, backups, support, and subprocessors follow different paths. This is a technical and procurement guide, not legal advice.

Overview

Outcome

Produce a component-level data map and evidence pack that lets privacy, security, and procurement teams assess the actual delivery service rather than a regional marketing label.

Map what each edge component may process

Do not assume every enabled product processes every category below. Scope depends on cache policy, logging fields, TLS design, routing, edge code, and support arrangements.

ComponentData that may be processedQuestion to answer
DNS and steeringClient or resolver metadata, hostname, routing decisionWhere are queries processed and logged?
TLS and cacheRequest/response content, headers, cookies, cache keysWhere can decryption and stored response handling occur?
WAF and bot controlsIPs, headers, ruleset matches, security eventsWhere are detection and forensic records retained?
Edge computeRequest fields, identity claims, response, state, function logsWhich regions execute and retain each element?
Management and supportAccounts, configuration, audit trails, tickets, diagnostic dataWho can access it and from where?
The CDN data map
  1. Client to edge

    DNS, TLS, request metadata, cookies, headers, and payloads arrive.

  2. Delivery plane

    Cache, WAF, bot, routing, and edge functions process selected fields.

  3. Origin plane

    Forwarded headers, health checks, and cache fills reach services.

  4. Telemetry and control

    Logs, exports, configuration, support, and key access create persistent paths.

A defensible residency assessment follows data through delivery, telemetry, and management planes, not just through the origin region.

Separate residency, sovereignty, and transfers

Residency is a stated location commitment for a specific data class and service component. Sovereignty is broader operational control over access, keys, subprocessors, legal requests, portability, and deletion. International transfers are a separate GDPR analysis: EU storage alone does not answer whether support access, telemetry export, or a subprocessor creates a third-country transfer.

Representative data-map record
component=WAF-events
data=IP, route-template, action, rule-ID
processing_region=contractual-service-scope
retention=security-policy
export_destination=customer-SIEM
access=least-privilege + audited
transfer_assessment=privacy-owner-review-required

Give logs and cache their own review

Log fields can become the most persistent dataset in an edge architecture. Allowlist fields, redact query strings and secrets, set destination regions, restrict access, and define retention and deletion owners. A cache purge is not proof that logs, backups, analytics, or support artefacts are deleted. Public assets and authenticated HTML also have materially different cache risks.

Contract for evidence and exit

Ask for a service-by-service location matrix, subprocessor list and notice process, support-access controls, log-field options, DPA and transfer terms, incident cooperation, configuration export, purge support, deletion evidence, and migration assistance. Test an exit: export policies and logs, rotate credentials, remove origin allowlists, cut over safely, and retain evidence of completion.

Troubleshooting

Residency assessment failures

  • Treating cache location as the only relevant processing location.
  • Assuming a data-processing agreement and transfer mechanism are interchangeable.
  • Enabling a new log, edge-compute, or support integration without updating the data map.
  • Calling deletion complete without identifying logs, backups, customer destinations, and provider artefacts.

Authoritative references

Turn data location into a verifiable control

Optimi can help technical teams map delivery, telemetry, and management-plane evidence for their edge estate alongside privacy counsel.

Review edge data flows